Coinversaa Pulse

This skill appears internally consistent with its stated purpose, but review these points before installing: - npx executes remote npm code: the SKILL.md instructs running `npx -y @coinversaa/mcp-server`. That will download and run code from the npm registry. If you are concerned about supply-chain risk, inspect the @coinversaa/mcp-server package source (repository listed as https://github.com/coinversaa/mcp-server), check maintainers, versions, and ideally review the package before running it. - API key is optional: you can use 7 free tools without providing credentials. If you do provide COINVERSAA_API_KEY, only give it to this connector and avoid pasting keys into shared locations. The SKILL.md documents the key prefix (cvsa_) and an optional COINVERSAA_API_URL. - Config file edits are local: the skill tells you how to add the MCP entry to local agent config files (Claude, Cursor, OpenClaw). These are expected setup steps but will change agent behavior by registering the connector — only perform if you trust coinversaa.ai and the npm package. - Trading-related caution: the documentation mentions backend-signed orders and approvals on Hyperliquid. The skill does not request wallet keys, but if you plan agentic trading, understand who signs orders (their backend signer) and do not share private wallet keys or vault credentials unless you explicitly intend to enable trading with that service. - If you want higher assurance: verify the npm package checksum/release on the repository, review the repository code, and prefer installing pinned versions rather than allowing npx to fetch the latest by default. If you want, I can: summarize the SKILL.md fully, extract the exact list of tools and rate limits, or fetch the GitHub repo link to show where to audit the npm package.